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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the amendment filed on April 12, 2006. Claim 20 
has been added by virtue of the amendment. 

2. Claims 12-20 are currently pending in the application. 

Response to Arguments 

3. Applicant's arguments filed April 12, 2006 have been fully considered but they 
are not persuasive for the following reasons: 

Regarding claim 12, the Applicant argues that the Cited Prior art (CPA), Wood et 
al. (U.S. Patent 6,668,322), does not teach "periodically validating access based on 
contractual relationship information." This argument is not found persuasive. Wood 
discloses an architecture wherein trust levels are established commensurate with 
certain resources. Based on what trust level requirements an application has, an 
existing login credential can be used, or a new login credential must be created which 
meets the trust level requirement (column 5 lines 46-57). This trust level mapping is 
views as a "contractual relationship" as the trust level establishes rules governing which 
applications the user can access with the credentials that were generated at that trust 
level. Furthermore, the "contractual relationship" is not between a trust level and the 
user, but it is between the user and the security architecture which allows access to 
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certain resources based on the contract (credential) which presents the user with a trust 
level. Therefore, it is asserted that a "contractual relationship" does exist in the CPA. 

Furthermore, the Applicant argues that the CPA does not teach "validating" 
access privileges, but instead teaches "authenticating" login credentials. This is not 
found persuasive. The login credentials are analogous to the access privileges as they 
provide a trust level, which provides conditional access to certain resources based on 
the trust level of the login credentials. Furthermore, based on www.dictionary.com , the 
terms "validate" and "authenticate" are synonyms, and therefore, are found to provide 
the same functionality. 

Furthermore, the Applicant argues that the CPA does not teach "periodic" 
validation. This argument is not found persuasive. The CPA teaches the session 
credentials and the underlying login credentials are periodically validated for such 
reasons as the temporal validity of the session credential and the login credentials 
(column 8 lines 44-67). Specifically, the CPA states the "underlying login credentials 
will be reauthenticated prior to the expiration of the session credential" (column 8 lines 
55-58). Based on the above definition of validate and authenticate, it can be seen that 
the credentials are periodically validated based on the expiration time of the credentials. 

Furthermore, regarding newly added claim 20, the Applicant argues that the CPA 
does not teach "comparing user login data with contractual information between at least 
two parties to determine system access privileges." This argument is not found 
persuasive. Wood discloses an architecture wherein trust levels are established 
commensurate with certain resources. Based on what trust level requirement an 
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application has, an existing login credential can be used, or a new login credential must 
be created which meets the trust level requirement (column 5 lines 46-57). This trust 
level to user mapping is viewed as a "contractual information" as the trust level 
establishes rules which govern which applications the user can access with the 
credentials that were generated at that trust level. Therefore, it is respectfully asserted 
that Wood does teach "comparing user login data with contractual information between 
at least two parties to determine system access privileges." 

Finally, regarding newly added claim 20, the Applicant argues that the CPA does 
not teach "creating or deleting login data based on said comparing." This argument is 
not found persuasive. Wood teaches that session credentials and the underlying login 
credentials are periodically validated for reasons such as temporal validity of the 
session credential (column 8 lines 44-67). If the login credential remains valid, a 
replacement session credential is issued, and if not, the login credential and the session 
credential are deleted (column 8 lines 57-67). The login credentials may be subject to 
being re-authenticated if the trust level mappings have changed (column 8 line 57 
column 9 line 6). Therefore, it is asserted that the CPA does teach "deleting login data 
or creating login data according to said validating." 

Therefore, the rejections for claims 12-19 are maintained, and the CPA is applied 
to reject newly added claim 20 as described below. 


Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 12-20 are rejected under 35 U.S.C. 102(e) as being anticipated by Wood 
et al. (U.S. Patent No. 6,668,322). 

Regarding claim 12, Wood discloses: 

A method for updating privileges for access to an information system, 
comprising: 

periodically validating access privileges based on contractual relationship 
information (column 5 lines 46-57); and 

deleting login data or creating login data according to said validating (column 6 
lines 57-67, column 8 line 44 - column 9 line 6). 

Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, Wood 
discloses: 

The method of claim 12, wherein said validating includes matching a login data 
item to the contractual relationship information (column 6 lines 44-56). 
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Claim 14 is rejected as applied above in rejecting claim 12. Furthermore, Wood 
discloses: 

The method of claim 12, wherein the contractual relationship information is 
included within an eligibility database (column 6 lines 23-33). 

Claim 15 is rejected as applied above in rejecting claim 12. Furthermore, Wood 
discloses: 

The method of claim 12, wherein said validating access privileges includes 
updating a datapage (column 6 lines 23-33). 

Claim 16 is rejected as applied above in rejecting claim 12. Furthermore, Wood 
discloses: 

The method of claim 12, wherein said validating includes cross-referencing 
eligibility information with security information (column 6 lines 23-33). 

Claim 17 is rejected as applied above in rejecting claim 12. Furthermore, Wood 
discloses: 

The method of claim 12, wherein said validating includes matching business 
rules to user login information (column 6 lines 1-9). 

Claim 18 is rejected as applied above in rejecting claim 12. Furthermore, Wood 
discloses: 
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The method of claim 12, wherein said validating includes periodically validating 
access privileges based on contractual relationship information wherein said access 
privileges define at least one or a program type, data item type, feature type, and menu 
option type (column 5 lines 46-57, column 6 lines 57-67). 

Regarding claim 19, Wood discloses: 

A method for updating privileges for access to an information system, 
comprising: 

periodically validating access privileges based on contractual relationship 
information (column 5 lines 46-57); 

creating login data independent of an attempt to access information in the system 
(column 6 lines 57-67, column 8 line 44 - column 9 line 6). 

Regarding claim 20, Wood discloses: 

A method for updating privileges for access to an information system, 
comprising: 

comparing user login data with contractual information between at least two 
parties to determine system access privileges (column 5 lines 46-57); and 

creating or deleting login data based on said comparing (column 8 lines 44-67). 


Conclusion 
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THIS ACTION IS MADE FINAL Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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